Link Search Menu Expand Document

Restore Anomalous Object

Workflow #0042

Response Workflow

This workflow was developed and is supported by Cohesity

This workflow restores the specified anomalous object to the latest clean snapshot in Cohesity Helios. It also resolves the alert on Helios once the restore task is triggered. The restored VM name will be in the format “Recover-{original VM name}-VM-{restore time}” and the restore task name on the cluster will be in the format “Cisco_SecureX_triggered_restore_task_{object name}”. Supported observable: hostname

Note: This workflow is designed to be triggered from SecureX incidents generated by one of the following workflows:


Change Log

Date Notes
Sep 24, 2021 - Initial release

See the Important Notes page for more information about updating workflows


  • The following system atomics are used by this workflow:
    • None
  • The following atomic actions must be imported before you can import this workflow:
    • None
  • Cohesity Helios

Workflow Steps

  1. Make sure the observable type provided is supported
  2. Execute a Python script to restore the object, resolve the alert, and perform optional cleanup in SecureX


  • Set the Helios API Key local variable to your Cohesity Helios API key
  • Set the SecureX API Client ID and SecureX API Secret local variables to your API client’s ID and secret (more information)
  • Set the Delete Sighting and Incident local variable to yes or no depending on whether or not you want to clean up SecureX objects after restoration
  • If you want to change the name of this workflow in the pivot menu, change its display name